Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
dirtyrat
New Member
New Member


Joined: May 18, 2007
Posts: 10

PostPosted: Tue Jun 26, 2007 10:14 am Reply with quote

I've been having problems with some users performing functions on my site. The most recent problem was a single user. He attempted to register several times with no success. After finally getting registered, he tried to send a PM only to have that fail.

After reading several threads, there was one that directed me to look at "includes\nukesentinel.php". While examining the code near:

Code:
if (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin'])) {

  // Check for SCRIPTING attack
  // Copyright 2004(c) ChatServ


I found this line:

Code:
     (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||


My question is whether the ")" is correct in the ?[^)] section.

This is from Sentinel version 2.5.08.
 
View user's profile Send private message
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Tue Jun 26, 2007 10:30 am Reply with quote

It would help if you would explain what problems this user was having exactly in registering, and what was Sentinel doing to prevent it?

What failed when he tried to send a PM?

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
dirtyrat
PostPosted: Tue Jun 26, 2007 11:50 am Reply with quote

Well, I wasn't directly asking about my site problem, just the code variance.

But, since you asked. All of the errors were Abuse-Script errors. This is on a phpNuke 7.9 patched site running Sentinel 2.5.08.

First register attempt:
Code:
Reason: Abuse-Script

--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Query String: joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta)
Get String: joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta)
Post String: joinkof.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 65.24.28.3
Remote Port: 64088
Request Method: GET


Another registration attempt:
Code:
Reason: Abuse-Script

--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Query String:
joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta) D.O.
2526&check_num=472ca5e3ec9b20e650b05c92123510e4
Get String:
joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta) D.O.
2526&check_num=472ca5e3ec9b20e650b05c92123510e4
Post String: joinkof.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 65.24.28.3
Remote Port: 61741
Request Method: GET


Another registration attempt:
Code:
Reason: Abuse-Script

--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Query String:
joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta)_D.O._2526&check_num=0254c4c61d19af7367be00fd412fe370
Get String:
joinkof.com/modules.php?name=Your_Account&op=activate&username=(Delta)_D.O._2526&check_num=0254c4c61d19af7367be00fd412fe370
Post String: joinkof.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 65.24.28.3
Remote Port: 60197
Request Method: GET


And the PM error (where he was trying to tell us about his problems):
Only registered users can see links on this board! Get registered or login!

Thanks for the help.
 
Gremmie
PostPosted: Tue Jun 26, 2007 1:13 pm Reply with quote

I think it is the parenthesis in his username that is tripping up Sentinel.

And in the PM he pasted HTML code into it which also caused Sentinel to trip.
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Tue Jun 26, 2007 1:17 pm Reply with quote

If the user removes the brackets from the username, does it work?
 
View user's profile Send private message
jakec
PostPosted: Tue Jun 26, 2007 1:19 pm Reply with quote

Great minds think alike! Wink
 
dirtyrat
PostPosted: Tue Jun 26, 2007 4:41 pm Reply with quote

So, there is no way to use parentheses in a username?
 
Gremmie
PostPosted: Tue Jun 26, 2007 5:39 pm Reply with quote

Apparently not with Sentinel... Wink

That can get passed on to the developers and we can see what they say...
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©